package com.example.security6atguigu.controller;

import com.example.security6atguigu.entity.User;
import com.example.security6atguigu.service.UserService;
import jakarta.annotation.Resource;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@RestController
@RequestMapping("user")
public class UserController {

    @Resource
    private UserService userService;


    @GetMapping("list")
    @PreAuthorize("hasRole('admin') and authentication.name == 'admin'")
    public List<User> getList(){
        return userService.list();
    }

    @PostMapping("add")
    @PreAuthorize("hasRole('user')")
    public void add(@RequestBody User user){
        userService.saveUserDetails(user);
    }

}
